S21SEC [DCS17CTF] – Mauritania

During my spare time I have tried some tasks from the DSC17 CTF by S21sec. I will comment here on those which I found more difficult or fun. FBCTF was the platform, so from here on task names are the associated countries.

Mauritania – 400 points

First Run

Before running it, we inspect the binary's strings (strings ftw! – n00b says). We clearly see a weird string that could match our password. But it is not so (so) easy!

IDA Disassembler

It seems IDA can help with this simple task. All you have to do is open the binary and get the pseudocode of the main function.

So it’s a simple XOR with key 0x16 on the “paswd” variable. Remember that weird string (A1-C3bK4_2h5f8vE)? Yes, it is XORed and the result is our flag. For this task we can reproduce the for loop and get the output.
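
The loop described above, reproduced as an added example (not the author's code and not the decompiled output from the binary). It assumes the loop XORs every byte of the string with 0x16, as the text states; xor_buf and count_key_bytes are hypothetical names.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define XOR_KEY 0x16 /* key stated in the write-up */

/* String seen in the `strings` output, as quoted in the write-up. */
static const char ENCODED[] = "A1-C3bK4_2h5f8vE";

/* XOR len bytes of src with key into dst (dst may alias src).
 * An explicit length is used instead of strlen(): any byte equal to the
 * key turns into 0x00 and would silently truncate a C string. */
static void xor_buf(unsigned char *dst, const unsigned char *src,
                    size_t len, unsigned char key)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i] ^ key;
}

/* Count bytes that equal the key, i.e. bytes that become NUL after XOR. */
static size_t count_key_bytes(const unsigned char *buf, size_t len,
                              unsigned char key)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == key)
            n++;
    return n;
}

int main(void)
{
    const unsigned char *in = (const unsigned char *)ENCODED;
    size_t len = sizeof(ENCODED) - 1; /* exclude the terminating NUL */
    unsigned char out[sizeof(ENCODED)];

    xor_buf(out, in, len, XOR_KEY);
    out[len] = '\0';

    /* Print hex first: the result is not guaranteed to be printable. */
    for (size_t i = 0; i < len; i++)
        printf("%02x ", out[i]);
    printf("\n%s\n", (const char *)out);

    if (count_key_bytes(in, len, XOR_KEY) > 0)
        fprintf(stderr, "note: output contains NUL bytes\n");
    return 0;
}
```

Because XOR with a fixed key is its own inverse, the same function both encodes and decodes, which is why the obfuscated form shows up in `strings` while the plain value does not.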